Slashdot.org

Popular Science reports that early last week, researchers at the U.S. Energy Department's Princeton Plasma Physics Laboratory revealed their new "MUSE" stellarator — "a unique fusion reactor that uses off-the-shelf and 3D-printed materials to contain its superheated plasma." The researchers' announcement says the technique suggests "a simple way to build future devices for less cost and allow researchers to test new concepts for future fusion power plants." Stellarators typically rely on complicated electromagnets that have complex shapes and create their magnetic fields through the flow of electricity. Those electromagnets must be built precisely with very little room for error, increasing their cost. However, permanent magnets, like the magnets that hold art to refrigerator doors, do not need electric currents to create their fields. They can also be ordered off the shelf from industrial suppliers and then embedded in a 3D-printed shell around the device's vacuum vessel, which holds the plasma. "MUSE is largely constructed with commercially available parts," said Michael Zarnstorff, a senior research physicist at PPPL. "By working with 3D-printing companies and magnet suppliers, we can shop around and buy the precision we need instead of making it ourselves." The original insight that permanent magnets could be the foundation for a new, more affordable stellarator variety came to Zarnstorff in 2014. "I realized that even if they were situated alongside other magnets, rare-earth permanent magnets could generate and maintain the magnetic fields necessary to confine the plasma so fusion reactions can occur," Zarnstorff said, "and that's the property that makes this technique work." [...] In addition to being an engineering breakthrough, MUSE also exhibits a theoretical property known as quasisymmetry to a higher degree than any other stellarator has before. It is also the first device completed anywhere in the world that was designed specifically to have a type of quasisymmetry known as quasiaxisymmetry. Conceived by physicist Allen Boozer at PPPL in the early 1980s, quasisymmetry means that although the shape of the magnetic field inside the stellarator may not be the same around the physical shape of the stellarator, the magnetic field's strength is uniform around the device, leading to good plasma confinement and higher likelihood that fusion reactions will occur. "In fact, MUSE's quasisymmetry optimization is at least 100 times better than any existing stellarator," Zarnstorff said. "The fact that we were able to design and build this stellarator is a real achievement," said Tony Qian, a graduate student in the Princeton Program in Plasma Physics, which is based at PPPL. Also covered by Gizmodo. Thanks to Slashdot reader christoban for sharing the news.

Read more of this story at Slashdot.

"An improved charging protocol might help lithium-ion batteries to last much longer," writes Science Daily: The best commercial lithium-ion batteries...have a service life of up to eight years. Batteries are usually charged with a constant current flow. But is this really the most favorable method? A new study by Prof. Philipp Adelhelm's group at HZB and Humboldt-University Berlin answers this question clearly with "no." [In collaboration with teams including the Technical University of Berlin.] Part of the battery tests were carried out at Aalborg University. The batteries were either charged conventionally with constant current (CC) or with a new charging protocol with pulsed current (PC). Post-mortem analyses revealed clear differences after several charging cycles: In the CC samples, the solid electrolyte interface (SEI) at the anode was significantly thicker, which impaired the capacity... PC-charging led to a thinner SEI interface and fewer structural changes in the electrode materials. The study is published in the journal Advanced Energy Materials and analyzes the effect of the charging protocol on the service time of the battery, according to the article. "The frequency of the pulsed current counts..." "Doubling the life of your EV's battery or even your smartphone's battery is no small thing," says Slashdot reader NewtonsLaw...

Read more of this story at Slashdot.

DOJ-Collected Information Exposed In Data Breach Affecting 340,000 Information Collected An anonymous reader shared this report from Security Week: Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. According to GMA's notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General's Office, both personal and Medicare information was compromised in the data breach... "This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information," the notification letter reads. The compromised data, GMA says, was obtained by the US Department of Justice "as part of a civil litigation matter". More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General's Office. The impacted individuals, however, are "not the subject of this investigation or the associated litigation matters", the company tells the affected individuals.

Read more of this story at Slashdot.

Foreign Policy magazine visits a U.S. military training exercise that pitted Lt. Isaac McCurdy and his platoon of infantry troops against machines with camera lenses for eyes and sheet metal for skin: Driving on eight screeching wheels and carrying enough firepower on their truck beds to fill a small arms depot, a handful of U.S. Army robots stormed through the battlefield of the fictional city of Ujen. The robots shot up houses where the opposition force hid. Drones that had been loitering over the battlefield for hours hovered above McCurdy and his team and dropped "bombs" — foam footballs, in this case — right on top of them, a perfectly placed artillery shot. Robot dogs, with sensors for heads, searched houses to make sure they were clear. "If you see the whites of someone's eyes or their sunglasses, [and] you shoot back at that, they're going to have a human response," McCurdy said. "If it's a robot pulling up, shooting something that's bigger than you can carry yourself, and it's not going to just die when you shoot a center mass, it's a very different feeling." In the United States' next major war, the Army's brass is hoping that robots will be the ones taking the first punch, doing the dirty, dull, and dangerous jobs that killed hundreds — likely thousands — of the more than 7,000 U.S. service members who died during two decades of wars in the Middle East. The goal is to put a robot in the most dangerous spot on the battlefield instead of a 19-year-old private fresh out of basic training... [Several] Army leaders believe that almost every U.S. Army unit, down to the smallest foot patrols, will soon have drones in the sky to sense, protect, and attack. And it won't be long before the United States is deploying ground robots into battle in human-machine teams. The robots haven't been tested with live ammunition yet — or in colder temperatures, the magazine notes. (And at one point in the exercise, "Army officials jammed themselves, and a swarm of drones dropped out of the sky.) But the U.S. Army is "considering a proposal to add a platoon of robots, the equivalent of 20 to 50 human soldiers, to its armored brigade combat team." Six generals and several colonels watched the exercise, according to the article, which notes that the ultimate goal isn't to replace all human soldiers. "The point is to get the advantage before China or Russia do."

Read more of this story at Slashdot.

An anonymous reader shared this report from BleepingComputer: Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam. The researchers also released a tool that uses symbolic execution to identify exploitable code segments within the Linux kernel to help with mitigation. The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre.... As the CERT Coordination Center (CERT/CC) disclosed yesterday, the new flaw, tracked as CVE-2024-2201, allows unauthenticated attackers to read arbitrary memory data by leveraging speculative execution, bypassing present security mechanisms designed to isolate privilege levels. "An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget," reads the CERT/CC announcement. "Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor." "For a complete list of impacted Intel processors to the various speculative execution side-channel flaws, check this page updated by the vendor."

Read more of this story at Slashdot.

From the Washington Post: The U.S. government said Thursday that Russian government hackers who recently stole Microsoft corporate emails had obtained passwords and other secret material that might allow them to breach multiple U.S. agencies. The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, on Tuesday issued a rare binding directive to an undisclosed number of agencies requiring them to change any log-ins that were taken and investigate what else might be at risk. The directive was made public Thursday, after recipients had begun shoring up their defenses. The "successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," CISA wrote. "This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure." "CISA officials told reporters it is so far unclear whether the hackers, associated with Russian military intelligence agency SVR, had obtained anything from the exposed agencies," according to the article. And the article adds that CISA "did not spell out the extent of any risks to national interests." But the agency's executive assistant director for cybersecurity did tell the newspaper that "the potential for exposure of federal authentication credentials...does pose an exigent risk to the federal enterprise, hence the need for this directive and the actions therein." Microsoft's Windows operating system, Outlook email and other software are used throughout the U.S. government, giving the Redmond, Washington-based company enormous responsibility for the cybersecurity of federal employees and their work. But the longtime relationship is showing increasing signs of strain.... [T]he breach is one of a few severe intrusions at the company that have exposed many others elsewhere to potential hacking. Another of those incidents — in which Chinese government hackers cracked security in Microsoft's cloud software offerings to steal email from State Department and Commerce Department officials — triggered a major federal review that last week called on the company to overhaul its culture, which the Cyber Safety Review Board cited as allowing a "cascade of avoidable errors."

Read more of this story at Slashdot.

"After a year of cracking down with rigid return-to-office mandates, defeated CEOs are now finally accepting that hybrid working is here to stay," reports Fortune: KPMG surveyed U.S. CEOs of companies turning over at least $500 million and found that just one-third expect a full return to the office in the next three years. So it's official: Leaders who believe that office workers will be back at their desks five days a week in the near future are now in the small minority. It's a complete 360 on their stance last year, when 62% of CEOs surveyed predicted that working from home would end by 2026. At the time, 90% of CEOs even admitted that they were so steadfast on summoning staff back to their vertical towers that they were sweetening the pot with salary raises, promotions, and favorable assignments to those who showed face more. But now, bosses are backtracking: Nearly half of CEOs have concluded that the future of work is hybrid — up from 34% last year. What's more, a sizable chunk of CEOs aren't just embracing working from home on Fridays, they're going one step further and ditching the workday altogether. KPMG found that a third of CEOs are exploring the feasibility of a four-day week at their firm... Research has echoed that nearly half of companies with return-to-office mandates witnessed a higher level of employee attrition than they had anticipated, and 29% of companies enforcing office returns are struggling with recruitment. It perhaps explains why, as KPMG's data shows, CEOs are now waking up to the fact that the future of work is probably the happy medium of hybrid... Lewis Maleh, CEO of the global executive recruitment agency Bentley Lewis, has already witnessed a U-turn to more flexible job ads. "I've noticed a definite rise in job postings advertising remote or hybrid work," Maleh tells Fortune. "We haven't worked on any searches that require the candidate to be in the office five days per week in the past six months globally." "The shift demonstrates the cementing of hybrid work models, as CEOs increasingly recognize flexibility as a key factor in attracting and retaining top talent."

Read more of this story at Slashdot.

O'Reilly's "Tech Trends" newsletter included an interesting item this month: Want your own Klein Bottle? Made by Cliff Stoll, author of the cybersecurity classic The Cuckoo's Egg, who will autograph your bottle for you (and may include other surprises). First described in 1882 by the mathematician Felix Klein, a Klein bottle (like a Mobius strip) has a one-side surface. ("Need a zero-volume bottle...?" asks Stoll's web site. "Want the ultimate in non-orientability...? A mathematician's delight, handcrafted in glass.") But how the legendary cyberbreach detective started the company is explained in this 2016 article from a U.C. Berkeley alumni magazine. Its headline? "How a Berkeley Eccentric Beat the Russians — and Then Made Useless, Wondrous Objects." The reward for his cloak-and-dagger wizardry? A certificate of appreciation from the CIA, which is stashed somewhere in his attic... Stoll published a best-selling book, The Cuckoo's Egg, about his investigation. PBS followed it with a NOVA episode entitled "The KGB, the Computer, and Me," a docudrama starring Stoll playing himself and stepping through the "fourth wall" to double as narrator. Stoll had stepped through another wall, as well, into the numinous realm of fame, as the burgeoning tech world went wild with adulation... He was more famous than he ever could have dreamed, and he hated it. "After a few months, you realize how thin fame is, and how shallow. I'm not a software jockey; I'm an astronomer. But all people cared about was my computing." Stoll's disenchantment also arose from what he perceived as the false religion of the Internet... Stoll articulated his disenchantment in his next book, Silicon Snake Oil, published in 1995, which urged readers to get out from behind their computer screens and get a life. "I was asking what I thought were reasonable questions: Is the electronic classroom an improvement? Does a computer help a student learn? Yes, but what it teaches you is to go to the computer whenever you have a question, rather than relying on yourself. Suppose I was an evil person and wanted to eliminate the curiosity of children. Give the kid a diet of Google, and pretty soon the child learns that every question he has is answered instantly. The coolest thing about being human is to learn, but you don't learn things by looking it up; you learn by figuring it out." It was not a popular message in the rise of the dot-com era, as Stoll soon learned... Being a Voice in the Wilderness doesn't pay well, however, and by this time Stoll had taken his own advice and gotten a life; namely, marrying and having two children. So he looked around for a way to make some money. That ushered in his third — and current — career as President and Chief Bottle Washer of the aforementioned Acme Klein Bottle company... At first, Stoll had a hard time finding someone to make Klein bottles. He tried a bong peddler on Telegraph Avenue, but the guy took Cliff's money and disappeared. "I realized that the trouble with bong makers is that they're also bong users." Then in 1994, two friends of his, Tom Adams and George Chittenden, opened a shop in West Berkeley that made glassware for science labs. "They needed help with their computer program and wanted to pay me," Stoll recalls. "I said, 'Nah, let's make Klein bottles instead.' And that's how Acme Klein Bottles was born." UPDATE: Turns out Stoll is also a long-time Slashdot reader, and shared comments this weekend on everything from watching the eclipse to his VIP parking pass for CIA headquarters and "this CIA guy's rubber-stamp collection." "I am honored by the attention and kindness of fellow nerds and online friends," Stoll added Saturday. "When I first started on that chase in 1986, I had no idea wrhere it would lead me... To all my friends: May you burdens be light and your purpose high. Stay curious!"

Read more of this story at Slashdot.

This week the new "Find My Device" feature rolled out to Android devices around the world, starting in the U.S. and Canada. "With a new, crowdsourced network of over a billion Android devices, Find My Device can help you find your misplaced Android devices and everyday items quickly and securely," according to a Google blog post. ZDNet explains: Although Google already offers a Find My Device setting on Android phones, the device you're looking for must be powered on and connected for the feature to work. The new Find My Device network is designed to use Bluetooth to track down missing phones and other devices that are disconnected from a Wi-Fi or cellular network. A Powered Off Finding feature would let each device store beacons in its Bluetooth controller's memory, letting the network see any supported device even if it's not connected. From Google's blog post: Locate your compatible Android phone and tablet by ringing them or viewing their location on a map in the app — even when they're offline. And thanks to specialized Pixel hardware, Pixel 8 and 8 Pro owners will also be able to find their devices if they're powered off or the battery is dead. Starting in May, you'll be able to locate everyday items like your keys, wallet or luggage with Bluetooth tracker tags from Chipolo and Pebblebee in the Find My Device app. Google promises "end-to-end encryption of location data as well as aggregated device location reporting, a first-of-its-kind safety feature that provides additional protection against unwanted tracking back to a home or private location." Find My Device is available on compatible devices running Android 9 or higher. In addition, "Sometimes what we're looking for is right under our noses. If you're close to your lost device but need a little extra help tracking it down, a 'Find nearby' button will appear to help you figure out exactly where it's hiding. You'll also be able to use this to find everyday items, like your wallet or keys, when Bluetooth tags launch in May. "More often than not, we lose everyday items like our keys or phone right at home. So the Find My Device app now shows a lost device's proximity to your home Nest devices, giving you an easy reference point."

Read more of this story at Slashdot.

Aboard the deck of a World War II-era aircraft carrier, University of Washington scientists flicked the switch on a glorified snow-making machine," reports the Seattle Times. They describe the scientists "blasting a plume of saline spray off the coast of Alameda, California... trying to perfect a shot of salty particles that would make clouds better at reflecting sunlight back toward space, and help cool the Earth. "It's called marine cloud brightening." Compressed air was pumped at hundreds of pounds per square inch through a nozzle full of a salty mix with a similar composition to seawater housed in an apparatus similar to a snow-making machine. The New York Times reported the machine produced a deafening hiss, releasing a fine mist that traveled hundreds of feet through the air. The scientists wanted to see if the machine could generate a consistent spray of the right size salt aerosols, taking samples downwind with instruments mounted on scissor lifts, commonly used in construction. "This study is not yet large enough to affect local weather," the article points out. Yet "the idea of interfering with nature is so contentious, organizers of Tuesday's test kept the details tightly held, concerned that critics would try to stop them," reported the New York Times. If it works, the next stage would be to aim at the heavens and try to change the composition of clouds above the Earth's oceans..."I hope, and I think all my colleagues hope, that we never use these things, that we never have to," said Sarah Doherty, an atmospheric scientist at the University of Washington and the manager of its marine cloud brightening program. She said there were potential side effects that still needed to be studied, including changing ocean circulation patterns and temperatures, which might hurt fisheries. Cloud brightening could also alter precipitation patterns, reducing rainfall in one place while increasing it elsewhere. But it's vital to find out whether and how such technologies could work, Doherty said, in case society needs them. And no one can say when the world might reach that point. More from the Seattle Times: Some scientists warn that human influence on natural phenomena has rarely yielded the desired outcome, and often comes with unintended consequences. But, as the fossil-fueled world hurtles toward the internationally approved global warming limit to avoid the worst impacts of climate change, some argue there's a need to study backup plans. "When I started graduate school in 1995, climate change, global warming was on the horizon, but there was still time to do something like reduce emissions at a scale that would allow us to avoid serious climate disruption," program manager Sarah Doherty said in an interview. "I think it's come to the point where the science community recognizes that a fairly significant degree of climate disruption and damage and suffering is pretty inevitable...." Doherty and the team are not advocating that anyone try cloud brightening now, but instead are hoping to develop a foundation for research that future decision-makers could rely on if they are evaluating geoengineering as a means of reducing suffering. More info here from Politico and San Francisco Chronicle. The New York Times notes that Bill Gates began funding early research in 2006.

Read more of this story at Slashdot.

The Linux Foundation-backed project OpenTofu "has gotten legal pushback from HashiCorp," according to a report — just seven months after forking OpenTofu's code from HashiCorp's IT deployment software Terraform: On April 3, HashiCorp issued a strongly-worded Cease and Desist letter to OpenTofu, accusing that the project has "repeatedly taken code HashiCorp provided only under the Business Software License (BSL) and used it in a manner that violates those license terms and HashiCorp's intellectual property rights." It goes on to note that "In at least some instances, OpenTofu has incorrectly re-labeled HashiCorp's code to make it appear as if it was made available by HashiCorp originally under a different license." Last August, HashiCorp announced that it would be transitioning its software from the open source Mozilla Public License (MPL 2.0) to the Business Source License (BSL), a license that permits the source to be viewed, but not run in production environments without explicit approval by the license owner. HashiCorp gave OpenTofu until April 10 to remove any allegedly copied code from the OpenTofu repository, threatening litigation if the project fails to do so. Others are also covering the fracas, including Steven J. Vaughan-Nichols at DevOps.com: OpenTofu replied, "The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp's BSL code. All such statements have zero basis in facts." In addition, it said, HashiCorp's claims of copyright infringement are completely unsubstantiated. As for the code in question, OpenTofu claims it can clearly be shown to have been copied from older code under the Mozilla Public License (MPL) 2.0. "HashiCorp seems to have copied the same code itself when they implemented their version of this feature. All of this is easily visible in our detailed SCO analysis, as well as their own comments." In a detailed source code origination (SCO) examination of the problematic source code, OpenTofu stated that HashiCorp was mistaken. "We believe that this is just a case of a misunderstanding where the code came from." OpenTofu maintains the code was originally licensed under the MPL, not the BSL. If so, then OpenTofu was perfectly within its right to use the code in its codebase... [OpenTofu's lawyer] concluded, "In the future, if you should have any concerns or questions about how source code in OpenTofu is developed, we would ask that you contact us first. Immediately issuing DMCA takedown notices and igniting salacious negative press articles is not the most helpful path to resolving concerns like this."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Influential US Senator Sherrod Brown (D-Ohio) has called on U.S. President Joe Biden to ban electric vehicles from Chinese brands. Brown calls Chinese EVs "an existential threat" to the U.S. automotive industry and says that allowing imports of cheap EVs from Chinese brands "is inconsistent with a pro-worker industrial policy." Brown's letter to the president (PDF) is the most recent to sound alarms about the threat of heavily subsidized Chinese EVs moving into established markets. Brands like BYD and MG have been on sale in the European Union for some years now, and last October, the EU launched an anti-subsidy investigation into whether the Chinese government is giving Chinese brands an unfair advantage. The EU probe won't wrap until November, but another report published this week found that government subsidies for green technology companies are prevalent in China. BYD, which now sells more EVs than Tesla, has benefited from almost $4 billion (3.7 billion euro) in direct help from the Chinese government in 2022, according to a study by the Kiel Institute. Last month, the EU even started paying extra attention to imports of Chinese EVs, issuing a threat of retroactive tariffs that could start being imposed this summer. Chinese EV imports to the EU have increased by 14 percent since the start of its investigation, but they have yet to really begin in the U.S., where there are a few barriers in their way. Chinese batteries make an EV ineligible for the IRS's clean vehicle tax credit, for one thing. And Chinese-made vehicles (like the Lincoln Nautilus, Buick Envision, and Polestar 2) are already subject to a 27.5 percent import tax. But Chinese EVs are on sale in Mexico already, and that has American automakers worried. Last year, Ford CEO Jim Farley said he saw Chinese automakers "as the main competitors, not GM or Toyota." And in January, Tesla CEO Elon Musk said he believed that "if there are no trade barriers established, they will pretty much demolish most other car companies in the world." [...] It's not just the potential damage to the U.S. auto industry that has prompted this letter. Brown wrote that he is concerned about the risk of China having access to data collected by connected cars, "whether it be information about traffic patterns, critical infrastructure, or the lives of Americans," pointing out that "China does not allow American-made electric vehicles near their official buildings." At the end of February, the Commerce Department also warned of the security risk from Chinese-connected cars and revealed it has launched an investigation into the matter. "When the goal is to dominate a sector, tariffs are insufficient to stop their attack on American manufacturing," Brown wrote. "Instead, the Administration should act now to ban Chinese EVs before they destroy the potential for the U.S. EV market. For this reason, no solution should be left off the table, including the use of Section 421 (China Safeguard) of the Trade Act of 1974, or some other authority."

Read more of this story at Slashdot.